Add ManageClientPermission method to handle client permission management with validation

2025-06-03 00:42:45 -04:00 · 2025-06-03 00:42:45 -04:00 · fa53c687ab
commit fa53c687ab
parent 9358366f3c
2 changed files with 56 additions and 0 deletions
--- a/src/FederationServer/Classes/Enums/Method.php
+++ b/src/FederationServer/Classes/Enums/Method.php
@ -4,6 +4,7 @@

    use FederationServer\Exceptions\RequestException;
    use FederationServer\Methods\ManageBlacklistPermission;
+    use FederationServer\Methods\ManageClientPermission;
    use FederationServer\Methods\ManageOperatorsPermission;
    use FederationServer\Methods\CreateOperator;
    use FederationServer\Methods\DeleteOperator;
@ -22,6 +23,7 @@
        case REFRESH_OPERATOR_API_KEY;
        case MANAGE_OPERATORS_PERMISSION;
        case MANAGE_BLACKLIST_PERMISSION;
+        case MANAGE_CLIENT_PERMISSION;

        case UPLOAD_ATTACHMENT;
        case DOWNLOAD_ATTACHMENT;
@ -57,6 +59,9 @@
                case self::MANAGE_BLACKLIST_PERMISSION:
                    ManageBlacklistPermission::handleRequest();
                    break;
+                case self::MANAGE_CLIENT_PERMISSION:
+                    ManageClientPermission::handleRequest();
+                    break;

                case self::UPLOAD_ATTACHMENT:
                    UploadAttachment::handleRequest();
@ -90,6 +95,7 @@
                $requestMethod === 'POST' && $path === '/operators/refresh' => Method::REFRESH_OPERATOR_API_KEY,
                $requestMethod === 'POST' && $path === '/operators/permissions/manage_operators' => Method::MANAGE_OPERATORS_PERMISSION,
                $requestMethod === 'POST' && $path === '/operators/permissions/manage_blacklist' => Method::MANAGE_BLACKLIST_PERMISSION,
+                $requestMethod === 'POST' && $path === '/operators/permissions/manage_client' => Method::MANAGE_CLIENT_PERMISSION,

                default => null,
            };
--- a/src/FederationServer/Methods/ManageClientPermission.php
+++ b/src/FederationServer/Methods/ManageClientPermission.php
@ -0,0 +1,50 @@
+<?php
+
+    namespace FederationServer\Methods;
+
+    use FederationServer\Classes\Logger;
+    use FederationServer\Classes\Managers\OperatorManager;
+    use FederationServer\Classes\RequestHandler;
+    use FederationServer\Classes\Validate;
+    use FederationServer\Exceptions\DatabaseOperationException;
+    use FederationServer\Exceptions\RequestException;
+    use FederationServer\FederationServer;
+
+    class ManageClientPermission extends RequestHandler
+    {
+        /**
+         * @inheritDoc
+         */
+        public static function handleRequest(): void
+        {
+            $authenticatedOperator = FederationServer::getAuthenticatedOperator();
+            if(!$authenticatedOperator->canManageOperators())
+            {
+                throw new RequestException('Unauthorized: Insufficient permissions manage permissions', 403);
+            }
+
+            $operatorUuid = FederationServer::getParameter('uuid');
+            $enabled = (bool)filter_var(FederationServer::getParameter('enabled'), FILTER_VALIDATE_BOOLEAN, FILTER_NULL_ON_FAILURE);
+            if($operatorUuid === null)
+            {
+                throw new RequestException('Bad Request: Missing required parameters', 400);
+            }
+
+            if(!Validate::uuid($operatorUuid))
+            {
+                throw new RequestException('Bad Request: Invalid operator UUID', 400);
+            }
+
+            try
+            {
+                OperatorManager::setClient($operatorUuid, $enabled);
+            }
+            catch(DatabaseOperationException $e)
+            {
+                Logger::log()->error('Database error while managing operator\'s permissions: ' . $e->getMessage(), $e);
+                throw new RequestException('Internal Server Error: Unable to manage operator\'s permissions', 500, $e);
+            }
+
+            self::successResponse();
+        }
+    }